Filtered by vendor Langchain
Total: 15 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-34540 | 1 Langchain | 1 Langchain | 2024-03-13 | 9.8 Critical |
Langchain before v0.0.225 was discovered to contain a remote code execution (RCE) vulnerability in the component JiraAPIWrapper (aka the JIRA API wrapper). This vulnerability allows attackers to execute arbitrary code via crafted input. As noted in the "releases/tag" reference, a fix is available. | ||||
CVE-2023-44467 | 1 Langchain | 1 Langchain Experimental | 2024-02-26 | 9.8 Critical |
langchain_experimental (aka LangChain Experimental) in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via __import__ in Python code, which is not prohibited by pal_chain/base.py. | ||||
CVE-2023-36258 | 1 Langchain | 1 Langchain | 2024-02-26 | 9.8 Critical |
An issue in LangChain before 0.0.236 allows an attacker to execute arbitrary code because Python code with os.system, exec, or eval can be used. | ||||
CVE-2023-36189 | 1 Langchain | 1 Langchain | 2023-12-26 | 7.5 High |
SQL injection vulnerability in langchain before v0.0.247 allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component. | ||||
CVE-2023-36281 | 1 Langchain | 1 Langchain | 2023-11-29 | 9.8 Critical |
An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to load_prompt. This is related to __subclasses__ or a template. | ||||
CVE-2023-32786 | 1 Langchain | 1 Langchain | 2023-10-27 | 7.5 High |
In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks. | ||||
CVE-2023-46229 | 1 Langchain | 1 Langchain | 2023-10-25 | 8.8 High |
LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server. | ||||
CVE-2023-39631 | 1 Langchain | 1 Langchain | 2023-09-06 | 9.8 Critical |
An issue in LangChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library. | ||||
CVE-2023-34541 | 1 Langchain | 1 Langchain | 2023-08-29 | 9.8 Critical |
Langchain 0.0.171 is vulnerable to Arbitrary code execution in load_prompt. | ||||
CVE-2023-39659 | 1 Langchain | 1 Langchain | 2023-08-22 | 9.8 Critical |
An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component. | ||||
CVE-2023-38896 | 1 Langchain | 1 Langchain | 2023-08-22 | 9.8 Critical |
An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions. | ||||
CVE-2023-38860 | 1 Langchain | 1 Langchain | 2023-08-22 | 9.8 Critical |
An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter. | ||||
CVE-2023-36095 | 1 Langchain | 1 Langchain | 2023-08-14 | 9.8 Critical |
An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt. | ||||
CVE-2023-36188 | 1 Langchain | 1 Langchain | 2023-07-12 | 9.8 Critical |
An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method. | ||||
CVE-2023-29374 | 1 Langchain | 1 Langchain | 2023-04-17 | 9.8 Critical |
In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method. |